Can The President Use An Executive Order To Push Through Cybersecurity Rules?

from the sorta-maybe-possibly dept

With the Cybersecurity Act failing in the Senate, there's been some buzz that President Obama might push through a bunch of provisions via executive order. From a political standpoint, there are tons of reasons to do so. If nothing gets done, and some sort of attack does happen, opponents can claim that he failed to strengthen our cybersecurity. But this way, he can claim he's doing what he can, and pin the blame on Congress for not doing their part.

But what would it mean if he goes down this route? The Daily Caller has a hysterical and totally misleading piece claiming that this would allow for an "internet takeover." As skeptical as I am for the need for such cybersecurity legislation (and I'm pretty skeptical), that article is just pure hyperbole. This has nothing to do with "taking over the internet," and that's just someone who's lying or clueless.

The original link above, from The Hill, points out that, when it comes to industries that are already regulated, the administration could easily order them to include certain cybersecurity standards among their existing regulations:

Many companies managing vital computer systems are already heavily regulated. Lewis said the president could order agencies to require the industries they regulate to meet cybersecurity standards.

"You don't need new legislative authority to do that," Lewis said.

He noted that some regulatory agencies, including the Federal Communications Commission and the Nuclear Regulatory Commission, are independent and not bound to follow executive orders. But Lewis predicted that even the independent agencies would likely enforce an executive order on cybersecurity.

That likely would lead to some pushback concerning the limits of regulatory control, but if it actually solves the few problems we hear about (such as critical systems being connected to the internet) then perhaps it's a more reasonable way to deal with things.

The other part of the bill, which was the part that concerned us the most, concerning information sharing, would be much more difficult to go after via an executive order. Stewart Baker has an interesting analysis of the possibility there, and he comes at it from someone who is... well, more hostile towards those of us who believe that privacy rights are important. He's been railing against privacy rights activists and their attacks on the cybersecurity proposals for a while, and doing so in misleading and incomplete ways, unfortunately. He does the same here, suggesting that privacy lobbyists are a part of the problem, while completely misrepresenting their concerns, even to the point of suggesting that privacy activists don't want to allow info sharing because sharing attack info reveals "personal info of the attacker." That's silly. No one has ever argued for that, and Baker is setting up a strawman.

However, he does note ways in which the administration can at least clarify intent via executive order to get around these claimed limitations (which I'm not convinced are actual limitations, as he describes them):

It is hard to fix bad laws with an executive order, but in this case I’m not sure it can’t be done. States with two-party laws are a minority already (about a dozen states, depending on how you count), and their laws are under pressure in the courts (thanks to police officers claiming that it’s a felony for members of the public to record them without their consent). What’s more, despite claims about their chilling effect on signature filtering, two-party-consent laws don’t seem to have stopped the emergence of robust spam filtering by private companies. A clear presidential statement that allowing such laws to bar signature filtering threatens national security would almost certainly resolve any lingering doubts, especially if it’s backed by an order that the Justice Department intervene as necessary in private state suits that challenge signature filtering.

All that’s left then is the federal ban on unsubpoenaed information sharing, and even it might yield to a little creativity. Not everyone is subject to the ban. So can the parties who are covered by the restriction (ISPs, webmail providers) simply share their data with parties who aren’t covered (security firms)? And can the security firms in turn sell their data to government? Maybe so. Again, a clear presidential statement that such a measure is essential for national security would make the courts think twice before declaring that Tinker-to-Evers-to-Chance is simply an evasion of the ban on Tinker sharing with Chance.

However, he also notes that Obama might not want to "tussle" with privacy groups and so this section may get ignored. While I agree that there are some privacy extremists who set forth proposals that go way too far, I think many of the people who were concerned about the cybersecurity bill over privacy issues wouldn't necessarily be against very narrowly defined rules on information sharing, though it still seems unclear how much any existing law is really holding back info sharing for the purpose of cybersecurity. Passing data through third parties, of course, is a lot more controversial, depending on the controls and oversight involved. But, again, it's still unclear how big of a problem this really is.

Either way, it wouldn't surprise me to see some sort of use of Executive Orders here, but the limits on those would hopefully limit most of the really bad stuff found in the bill proposals.

from what i have read recently, almost every person of power, whether the head one (the President) or not, seems to think they can do whatever they want, whenever they want and there is no action that can be taken against them. the general consensus of opinion being 'fuck everyone who opposes what i want to do, especially the citizens, 'cause i'm gonna do it anyway'!

Two-Party Concent?

Okay... I am clearly no lawyer. I foolishly thought that even states with one-party consent to recording conversations needed, you know, at least one participate of the conversation to consent to another listener/recording, not that it meant anyone could just decide to record or listen in without either party knowing.

Well, know that I know that, how to capitalize on this insight. Hmmm...

(Also, seriously, saying that a SPAM filter is the equivalent of interception and recording? ... I am no lawyer, and I like my frontal lobe to much to become one.)

I am also skeptical of a internet security bill, but not because we dont need one, imagine what could happen if a attack happened on all the major banks. My concern is Washington and the way they take orders from the recording industry on a constant basis. This means that security will become censorship and well fuck that....

lets remove money from politics first, then the only people they are accountable to is the majority of voters.

Re:

not because we dont need one, imagine what could happen if a attack happened on all the major banks.

An effective and desirable internet security bill that actually addresses real, critical national security problems (electric grid, etc.) is probably desirable, but it would be very short and sweet and wouldn't impact civil rights at all:

"Systems that control critical infrastructure are not to be connected to the internet."

Re:

lets remove money from politics first, then the only people they are accountable to is the majority of voters.

If we had representation in the proportion intended, we would have 9300-10200 representatives in the House. We've been locked at 435 for over 100 years. Not only has their power grown considerably from this lockdown, but a large part of the funding problems comes from having only about 4% of the representation we're due.

So where is the idea that blaming the president for doing nothing while doing everything that can be done to kill any proposals that might lead to actually accomplishing something coming from? I guess that's the same party that has fought for 4 years to keep anything from passing. Seems last I heard they were claiming the president's policies hadn't worked for the economy while ignoring their little part in that failed policy claim.

I trust neither of these parties to actually do something that is good for the country unless there is a pay off in it from some corporation. From the outside looking in, it all looks like Washington is corrupt to the core.

It looks like we need a voting election that removes pretty near all incumbents, lacking very few.

Follow the Leader

He is the president and has access to a lot of information that the general public is not aware of. I am sure he is making decisions based on what is best for his constituents. Whether it is fighting this country's cyber wars, or real wars, he is looking out for America. So if you think he is just "pushing something through" you don't have all the facts to understand the situation.

Remember, this is the president that killed Osama, something George Bush failed to do. He is winning the war against piracy as well. Obama is making this counry safer even with all the complaining from citizens that should recognize their place in this country and follow what are leaders decide for us. In fact, isn't that what we elected them to do?

America is a shining light in a dark world. We can fix all the problems the rest of the world creates. Just listen to us and do what we say. Easy as pie. Don't you want to be like us, free and all?

Re:

Stewart Baker writes that CISPA "would have undone a couple of overbroad privacy laws from the 60s and the 80s."

But he doesn't tell us the names of those laws.

He also neglects to tell us that CISPA goes much further, by saying that "Notwithstanding" any law, our medical records, passwords, and emails can be shared without telling us.

Baker makes CISPA seem like it would narrowly affect privacy.

In reality, CISPA would broadly destroy privacy.

Baker also implies that ISPs can't share malware information under current law.

In reality, they can. They do it through a non-profit, "the National Cyber Forensics and Training Alliance." Kashimir Hill wrote about it in a Forbes article, "The FBI Workaround For Private Companies To Share Information With Law Enforcement Without CISPA."

Yes Yes Yes

The president can do anything he wants with an executive order. There were fears that Nixon would pardon himself if Congress impeached him as a sitting President.

You can make it one big pissing match. Anything Congress does or the Courts find can be undone with an Execuvite order. Up until President Clinton, presidents were very careful to not create a situation with Executive Orders. Clinton was bad, Bush was even worse and Obama is a habitual abuser.

Re: Yes Yes Yes

The president can do anything he wants with an executive order

Not actually true. An executive order can do anything that is already in the power of the executive branch.

An executive order cannot make new laws, for instance (lawmaking is a power of the legislative branch) or decide what a law means (interpreting law is the power of the judicial branch) but can affect how or if laws are enforced (enforcing laws is a power of the executive).

An executive order cannot allocate money (budgeting is the power of the legislative) but it can decide whether or not to spend the money budgeted.

And so forth.

As much as every president tries to act otherwise, the president is not a king. The US presidency is actually very weak when compared to the powers that other heads of state have.

Re:

Re:

Executive orders aren't laws. They are directives to the executive branch. If you don't work in the executive branch, they don't apply to you.

They can affect you, though, by changing the regulations around how laws are implemented. Violating those regulations carries the same penalties they always carry (which can vary according to the regulation), but are typically limited to fines.

Y2K

Hey, remember what happened on Y2K? Remember when all the computers in the world crashed, planes fell out of the sky, there were massive blackouts, the banking system collapsed, and it was the end of civilization as we know it? Remember that? No? Neither do I.

If Obama doesn't push this thru: his political opponents will collude to entice terrorists to cyber attack the weakpoints made evident in this legislation. that will finally 'prove' we need more cybersecurity legislation and that Obama was a terrible President.

If Obama does push this thru: his political opponents will claim that he is owned by corporations and special interest groups, that he is anti-american for passing laws in a 'border-line unconstitutional way', and that he and his big government want to take away civil liberties and spy on "the American People"